Total
12756 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-8518 | 1 Schneider-electric | 1 Zelio Soft 2 | 2025-07-12 | 3.3 Low |
| CWE-20: Improper Input Validation vulnerability exists that could cause a crash of the Zelio Soft 2 application when a specially crafted project file is loaded by an application user. | ||||
| CVE-2016-20022 | 1 Linux | 1 Linux Kernel | 2025-07-12 | 8.4 High |
| In the Linux kernel before 4.8, usb_parse_endpoint in drivers/usb/core/config.c does not validate the wMaxPacketSize field of an endpoint descriptor. NOTE: This vulnerability only affects products that are no longer supported by the supplier. | ||||
| CVE-2024-42410 | 1 Intel | 1 Graphics Drivers | 2025-07-12 | 6.5 Medium |
| Improper input validation in some Intel(R) Graphics Drivers may allow an authenticated user to potentially enable denial of service via local access. | ||||
| CVE-2025-23204 | 1 Api-platform | 1 Core | 2025-07-12 | 4.4 Medium |
| API Platform Core is a system to create hypermedia-driven REST and GraphQL APIs. Starting in version 3.3.8, a security check that gets called after GraphQl resolvers is always replaced by another one as there's no break in a clause. As this falls back to `security`, the impact is there only when there's only a security after resolver and none inside security. Version 3.3.15 contains a patch for the issue. | ||||
| CVE-2025-24501 | 1 Broadcom | 1 Symantec Privileged Access Management | 2025-07-12 | N/A |
| An improper input validation allows an unauthenticated attacker to alter PAM logs by sending a specially crafted HTTP request. | ||||
| CVE-2025-24504 | 1 Broadcom | 1 Symantec Privileged Access Management | 2025-07-12 | N/A |
| An improper input validation the CSRF filter results in unsanitized user input written to the application logs. | ||||
| CVE-2025-30648 | 1 Juniper Networks | 2 Junos Os, Junos Os Evolved | 2025-07-12 | 7.4 High |
| An Improper Input Validation vulnerability in the Juniper DHCP Daemon (jdhcpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause the jdhcpd process to crash resulting in a Denial of Service (DoS). When a specifically malformed DHCP packet is received from a DHCP client, the jdhcpd process crashes, which will lead to the unavailability of the DHCP service and thereby resulting in a sustained DoS. The DHCP process will restart automatically to recover the service. This issue will occur when dhcp-security is enabled. This issue affects Junos OS: * All versions before 21.2R3-S9, * from 21.4 before 21.4R3-S10, * from 22.2 before 22.2R3-S6, * from 22.4 before 22.4R3-S6, * from 23.2 before 23.2R2-S3, * from 23.4 before 23.4R2-S4, * from 24.2 before 24.2R2; Junos OS Evolved: * from 22.4 before 22.4R3-S6-EVO, * from 23.2 before 23.2R2-S3-EVO, * from 23.4 before 23.4R2-S4-EVO, * from 24.2 before 24.2R2-EVO. . | ||||
| CVE-2024-27613 | 1 Numbas | 1 Editor | 2025-07-11 | 7.3 High |
| Numbas editor before 7.3 mishandles reading of themes and extensions. | ||||
| CVE-2025-6376 | 1 Rockwellautomation | 1 Arena | 2025-07-11 | 7.8 High |
| A remote code execution security issue exists in the Rockwell Automation Arena®. A crafted DOE file can force Arena Simulation to write beyond the boundaries of an allocated object. Exploitation requires user interaction, such as opening a malicious file within the software. If exploited, a threat actor could execute arbitrary code on the target system. The software must run under the context of the administrator in order to cause worse case impact. This is reflected in the Rockwell CVSS score, as AT:P. | ||||
| CVE-2025-6377 | 1 Rockwellautomation | 1 Arena | 2025-07-11 | 7.8 High |
| A remote code execution security issue exists in the Rockwell Automation Arena®. A crafted DOE file can force Arena Simulation to write beyond the boundaries of an allocated object. Exploitation requires user interaction, such as opening a malicious file within the software. If exploited, a threat actor could execute arbitrary code on the target system. The software must run under the context of the administrator in order to cause worse case impact. This is reflected in the Rockwell CVSS score, as AT:P. | ||||
| CVE-2023-52588 | 1 Linux | 1 Linux Kernel | 2025-07-11 | 7.1 High |
| In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to tag gcing flag on page during block migration It needs to add missing gcing flag on page during block migration, in order to garantee migrated data be persisted during checkpoint, otherwise out-of-order persistency between data and node may cause data corruption after SPOR. Similar issue was fixed by commit 2d1fe8a86bf5 ("f2fs: fix to tag gcing flag on page during file defragment"). | ||||
| CVE-2025-47968 | 1 Microsoft | 1 Autoupdate | 2025-07-11 | 7.8 High |
| Improper input validation in Microsoft AutoUpdate (MAU) allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-47171 | 1 Microsoft | 8 365 Apps, Office, Office 2019 and 5 more | 2025-07-11 | 6.7 Medium |
| Improper input validation in Microsoft Office Outlook allows an authorized attacker to execute code locally. | ||||
| CVE-2025-24002 | 1 Phoenixcontact | 8 Charx Sec-3000, Charx Sec-3000 Firmware, Charx Sec-3050 and 5 more | 2025-07-11 | 5.3 Medium |
| An unauthenticated remote attacker can use MQTT messages to crash a service on charging stations complying with German Calibration Law, resulting in a temporary denial-of-service for these stations until they got restarted by the watchdog. | ||||
| CVE-2025-24005 | 1 Phoenixcontact | 8 Charx Sec-3000, Charx Sec-3000 Firmware, Charx Sec-3050 and 5 more | 2025-07-11 | 7.8 High |
| A local attacker with a local user account can leverage a vulnerable script via SSH to escalate privileges to root due to improper input validation. | ||||
| CVE-2022-32144 | 1 Huawei | 2 Cv81-wdm, Cv81-wdm Firmware | 2025-07-11 | 8.6 High |
| There is an insufficient input verification vulnerability in Huawei product. Successful exploitation of this vulnerability may lead to service abnormal. (Vulnerability ID: HWPSIRT-2022-76192) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2022-32144. | ||||
| CVE-2025-53502 | 2025-07-10 | 6.5 Medium | ||
| Improper Input Validation vulnerability in Wikimedia Foundation Mediawiki - FeaturedFeeds Extension allows Cross-Site Scripting (XSS).This issue affects Mediawiki - FeaturedFeeds Extension: 1.39.X, 1.42.X, 1.43.X. | ||||
| CVE-2024-3584 | 1 Qdrant | 1 Qdrant | 2025-07-10 | 7.5 High |
| qdrant/qdrant version 1.9.0-dev is vulnerable to path traversal due to improper input validation in the `/collections/{name}/snapshots/upload` endpoint. By manipulating the `name` parameter through URL encoding, an attacker can upload a file to an arbitrary location on the system, such as `/root/poc.txt`. This vulnerability allows for the writing and overwriting of arbitrary files on the server, potentially leading to a full takeover of the system. The issue is fixed in version 1.9.0. | ||||
| CVE-2024-4287 | 1 Mintplexlabs | 1 Anythingllm | 2025-07-10 | 7.2 High |
| In mintplex-labs/anything-llm, a vulnerability exists due to improper input validation in the workspace update process. Specifically, the application fails to validate or format JSON data sent in an HTTP POST request to `/api/workspace/:workspace-slug/update`, allowing it to be executed as part of a database query without restrictions. This flaw enables users with a manager role to craft a request that includes nested write operations, effectively allowing them to create new Administrator accounts. | ||||
| CVE-2023-29335 | 1 Microsoft | 15 365 Apps, Office, Windows 10 1507 and 12 more | 2025-07-10 | 7.5 High |
| Microsoft Word Security Feature Bypass Vulnerability | ||||